检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:朱建峰 ZHU Jianfeng(Fifth Oil Extraction Plant North China Oilfield Branch of China National Petroleum Corporation,Shijiazhuang Hebei 052360,China)
机构地区:[1]中国石油华北油田分公司第五采油厂,河北石家庄052360
出 处:《信息安全与通信保密》2025年第2期105-117,共13页Information Security and Communications Privacy
摘 要:为应对油气生产物联网的网络安全威胁,研究建立了一种纵深防御的主动安全体系。通过资产识别、威胁分析和脆弱性评估开展全面风险评估,基于零信任原则设计了身份认证、访问控制、数据加密和态势感知等安全机制,构建了软件定义边界微分段模型实现可信隔离。研究创新性地引入同态加密和主动免疫技术,实现数据全生命周期保护。在典型油田12个月的测试验证显示,系统安全状况显著改善,渗透成功率从43%降至5%,异常检测准确率从85%提升至98%,达到行业领先水平,为关键信息基础设施安全防御提供了新思路和实践经验。To address the cybersecurity threats in oil and gas production IoT(Internet of Things),an active defense system with defense-in-depth is established.The study carries out comprehensive risk assessment through asset identification,threat analysis and vulnerability evaluation,and designs security mechanisms such as identity authentication,access control,data encryption and situational awareness based on zero-trust principle,and then carries out a software-defined perimeter micro-segmentation model for trusted isolation.The study innovatively introduces homomorphic encryption and active immunity technologies to achieve full lifecycle data protection.Twelve-month testing in a typical oilfield demonstrates significant improvement in system security,with penetration success rates decreasing from 43%to 5%and anomaly detection accuracy increasing from 85%to 98%,reaching industry-leading levels and providing new approaches and practical experience for critical information infrastructure security defense.
关 键 词:油气物联网 工控安全 零信任 软件定义边界 同态加密 纵深防御
分 类 号:TN915.08[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.49